The Chromecast is for sharing and isn't secure by design

Is anyone aware if there are any plans to add security to this? Either by Google or maybe a developer working on something? I am using some of these for information monitor purposes at a restaurant I do IT work for. One of the employees "accidentally" started broadcasting YouTube videos to the TV, overriding the computer feed. Even something as simple as requiring a PIN before transmitting would be perfect.

My only other idea would be to put the Chromecast and computer on a different subnet to reduce the likelihood of accidental broadcast.

Anyone, let me know your thoughts. Thanks!

Of course we can't be sure of Google's plans (nobody ever is), but we think the Chromecast was designed for this sort of behavior. Anyone on the same network can cast straight to the TV through it, and in Google's eyes this makes it social and fun. Because of this, it's inherently insecure.

Now, in all fairness, the Chromecast is positioned as a pure consumer entertainment device. We're not surprised that Google has not built in checks to lock it down. That doesn't mean third-party developers won't find a way to make that happen (have you seen what those guys can do?), but for now I think we had better get used to the idea that anyone you put on the same network as the Chromecast is going to be able to send stuff to the television.

The only suggestion we have is to secure the network it's on, and be very prudent about who you give the credentials to and why. Or just don't put a Chromecast in a space where it could become an issue.

Seems like there has been a resurgence.
I'll never understand why people squander the opportunity to set a good pace for discussion by merely posting the word "first." It's sad to think that is all they have to contribute.

I'll be using it in my dorm too and I'm a little concerned about this security issue, not that anyone would use it for malicious intents but just as a joke or something. It could be amusing the first few times but I can see it getting old fast...

The security comes from the barrier of a password to get on your wifi network. Accidentally transmitting something requires at minimum two willful taps on any device. If you have allowed someone on your network you have allowed them access to the Chromecast. If you would like some more control, then a basic Belkin router for $19.99 for a dedicated wifi network via a Y-topology network setup would easily secure the device if you do not trust everyone you give access to your network.

You sound foolish. All we are talking about is a distinct situation where the set up is ideal. Nobody is bashing Google. We are just saying a workaround would be nice. Is a pin on your phone a false sense of security? Who knows why you pulled that phrase out. I don't care but it sure prevents the average person from accessing your phone.

Not a problem for me at home but it rules this out for work, college, coffee shops, and other places with unsecured networks. Google needs to allow optional password control so a coffee shop or a college kid can use a device like this should they want to.

Unsecured networks in public places should not exist. Even if the network name is the same as the SSID that is better. WPA2 breaks the hole made public from Firesheep. If the Chromecast is on the same network it is not the best solution for security. A simple Y-topology network setup to have the Chromecast on its own network would be better and wouldn't even show up to other devices on the other network.

The security for the Chromecast is your wifi password. If you cannot trust devices on your network then you need to move the Chromecast to another network. A pin is not sufficient if you have people on your network that you do not trust.

I think you're missing the point entirely. If an entire floor of a college campus dorm is sharing WiFi, what do you propose to keep people from beaming their shit to your shit?

I understand the openness of the device and like this aspect of it personally, but I could see it being ridiculously frustrating to use in an environment with a secure WiFi network shared among a lot of people.

I work for the fire department and we have coined the term Chrome-Jacking for when somebody else takes over the chrome. Our network is secure, but everyone is behind it. When I brought it in to the station I said, "let the games begin". It would be nice to be able to pin protect it.

Same situation here, I brought mine to the firehouse and plugged it in at weekend breakfast and kaboom, videos were getting rolled over left and right. It's cool and all but when you are in your cube trying to watch a movie and Netflix and a random cat video pops up it kind of sucks... but still funny. I would like a way to lock it to my devices only when I feel like it.

My question is why would you use it in a commercial setting when it clearly is not designed for that? With or without security, to me Chromecast is more marketed as a personal device and not for use in a commercial setting. Can it be used in a commercial setting, sure. But I wouldn't, knowing it could not be secured and "accidentally" hijacked by the public or some other employee.

Aslowe, here's my security tip for you, keep Chromecast at home. If your work can't handle the cast keep it away. Quit B.S.ing everyone with a need for "security" something that's pretty straightforward. If your company lets your coworker use a computer that can download Chrome and the Googlecast extension then that should be enough lack of security on your company's part.

Does that mean if there are two Chromecasts in the same home on the same network, they will both show the same thing broadcasted from one phone? I was thinking of having one in the bedroom and one in the living room where two different things can be seen on each.
